package org.spongycastle.jsse.provider;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.jsse.BCSNIMatcher;
import org.spongycastle.jsse.BCSNIServerName;
import org.spongycastle.tls.Certificate;
import org.spongycastle.tls.CertificateRequest;
import org.spongycastle.tls.DefaultTlsServer;
import org.spongycastle.tls.NamedGroup;
import org.spongycastle.tls.ProtocolVersion;
import org.spongycastle.tls.ServerNameList;
import org.spongycastle.tls.TlsCredentials;
import org.spongycastle.tls.TlsExtensionsUtils;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.DHGroup;
import org.spongycastle.tls.crypto.DHStandardGroups;
import org.spongycastle.tls.crypto.TlsCrypto;
import org.spongycastle.tls.crypto.TlsCryptoParameters;
import org.spongycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.spongycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.spongycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import org.spongycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ProvTlsServer extends DefaultTlsServer implements ProvTlsPeer {
    public static Logger B = Logger.getLogger(ProvTlsServer.class.getName());
    public static final int C = PropertyUtils.b("jdk.tls.ephemeralDHKeySize", 2048, 1024, 8192);
    public boolean A;
    public final ProvTlsManager v;
    public final ProvSSLParameters w;
    public BCSNIServerName x;
    public Set<String> y;
    public TlsCredentials z;

    public ProvTlsServer(ProvTlsManager provTlsManager) {
        super(provTlsManager.e().b());
        this.x = null;
        this.y = null;
        this.z = null;
        this.A = false;
        this.v = provTlsManager;
        this.w = provTlsManager.d();
    }

    @Override // org.spongycastle.jsse.provider.ProvTlsPeer
    public synchronized boolean G() {
        return this.A;
    }

    @Override // org.spongycastle.tls.AbstractTlsServer
    public short[] I() {
        return this.v.getContext().t() ? new short[]{0} : super.I();
    }

    @Override // org.spongycastle.tls.DefaultTlsServer, org.spongycastle.tls.AbstractTlsServer
    public int[] N() {
        return TlsUtils.R(this.v.e().b(), this.v.getContext().b(this.w.d()));
    }

    @Override // org.spongycastle.tls.AbstractTlsServer, org.spongycastle.tls.TlsServer
    public void O(Certificate certificate) {
        if (certificate == null || certificate.d()) {
            if (this.w.f()) {
                throw new TlsFatalAlert((short) 40);
            }
        } else {
            if (!this.v.a(JsseUtils.k(this.v.e().b(), certificate), JsseUtils.f(certificate.b(0).a()))) {
                throw new TlsFatalAlert((short) 42);
            }
        }
    }

    @Override // org.spongycastle.tls.AbstractTlsServer
    public DHGroup V() {
        int i = C;
        if (i <= 1024) {
            return DHStandardGroups.c;
        }
        if (i <= 1536) {
            return DHStandardGroups.d;
        }
        if (i <= 2048) {
            return DHStandardGroups.n;
        }
        if (i <= 3072) {
            return DHStandardGroups.o;
        }
        if (i <= 4096) {
            return DHStandardGroups.p;
        }
        if (i <= 6144) {
            return DHStandardGroups.q;
        }
        if (i <= 8192) {
            return DHStandardGroups.r;
        }
        throw new IllegalStateException("Ephemeral DH key size has unexpected value: " + i);
    }

    @Override // org.spongycastle.tls.AbstractTlsServer
    public int W() {
        boolean t = this.v.getContext().t();
        if (this.l == null) {
            return t ? FipsUtils.b() : NamedGroup.c();
        }
        int i = 0;
        int i2 = 0;
        while (true) {
            int[] iArr = this.l;
            if (i >= iArr.length) {
                return i2;
            }
            int i3 = iArr[i];
            if (!t || FipsUtils.d(i3)) {
                i2 = Math.max(i2, NamedGroup.a(i3));
            }
            i++;
        }
    }

    @Override // org.spongycastle.tls.AbstractTlsServer, org.spongycastle.tls.TlsServer
    public ProtocolVersion a() {
        String[] g = this.w.g();
        if (g != null && g.length > 0) {
            for (ProtocolVersion protocolVersion = this.d; protocolVersion != null; protocolVersion = protocolVersion.f()) {
                String q = this.v.getContext().q(protocolVersion);
                if (q != null && JsseUtils.b(g, q)) {
                    B.fine("Server selected protocol version: " + protocolVersion);
                    this.p = protocolVersion;
                    return protocolVersion;
                }
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    @Override // org.spongycastle.tls.AbstractTlsServer
    public boolean a0(int i) {
        if (!o0(i)) {
            return false;
        }
        this.v.getContext().y(i);
        return super.a0(i);
    }

    @Override // org.spongycastle.tls.AbstractTlsServer
    public int b0(int i) {
        int i2;
        int i3;
        if (this.l == null) {
            return d0(i);
        }
        boolean t = this.v.getContext().t();
        while (true) {
            int[] iArr = this.l;
            if (i2 >= iArr.length) {
                return -1;
            }
            i3 = iArr[i2];
            i2 = (NamedGroup.a(i3) < i || (t && !FipsUtils.d(i3))) ? i2 + 1 : 0;
        }
        return i3;
    }

    @Override // org.spongycastle.tls.AbstractTlsServer
    public int d0(int i) {
        if (i <= 256) {
            return 23;
        }
        return i <= 384 ? 24 : -1;
    }

    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public void g(short s, short s2, String str, Throwable th) {
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        if (B.isLoggable(level)) {
            String e = JsseUtils.e("Server raised", s, s2);
            if (str != null) {
                e = e + ": " + str;
            }
            B.log(level, e, th);
        }
    }

    @Override // org.spongycastle.tls.AbstractTlsServer, org.spongycastle.tls.TlsServer
    public Hashtable h() {
        super.h();
        if (this.x != null) {
            U().put(TlsExtensionsUtils.i, TlsExtensionsUtils.h());
        }
        return this.s;
    }

    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public void m(short s, short s2) {
        super.m(s, s2);
        Level level = s == 1 ? Level.FINE : Level.INFO;
        if (B.isLoggable(level)) {
            B.log(level, JsseUtils.e("Server received", s, s2));
        }
    }

    public boolean o0(int i) {
        this.z = null;
        int J = TlsUtils.J(i);
        if (J != 1 && J != 3 && J != 5 && J != 7 && J != 9) {
            if (J != 11) {
                switch (J) {
                    case 16:
                    case 17:
                    case 18:
                    case 19:
                        break;
                    case 20:
                        break;
                    default:
                        return false;
                }
            }
            return true;
        }
        X509KeyManager c = this.v.e().c();
        if (c == null) {
            return false;
        }
        String g = JsseUtils.g(J);
        if (this.y.contains(g)) {
            return false;
        }
        String chooseServerAlias = c.chooseServerAlias(g, null, null);
        if (chooseServerAlias == null) {
            this.y.add(g);
            return false;
        }
        TlsCrypto C2 = C();
        if (!(C2 instanceof JcaTlsCrypto)) {
            throw new UnsupportedOperationException();
        }
        PrivateKey privateKey = c.getPrivateKey(chooseServerAlias);
        Certificate h = JsseUtils.h(C2, c.getCertificateChain(chooseServerAlias));
        if (privateKey == null || !JsseUtils.m(J, privateKey) || h.d()) {
            this.y.add(g);
            return false;
        }
        if (J == 1) {
            this.z = new JceDefaultTlsCredentialedDecryptor((JcaTlsCrypto) C2, h, privateKey);
            return true;
        }
        if (J != 3 && J != 5) {
            if (J != 7 && J != 9) {
                switch (J) {
                    case 16:
                    case 18:
                        break;
                    case 17:
                    case 19:
                        break;
                    default:
                        return false;
                }
            }
            this.z = new JceDefaultTlsCredentialedAgreement((JcaTlsCrypto) C2, h, privateKey);
            return true;
        }
        this.z = new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(this.c), (JcaTlsCrypto) C2, privateKey, h, TlsUtils.l(this.c, this.k, TlsUtils.N(J)));
        return true;
    }

    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public synchronized void q() {
        this.A = true;
        this.v.c(new ProvSSLConnection(this.c, this.v.e().d().c(this.c.b())));
    }

    @Override // org.spongycastle.tls.AbstractTlsServer, org.spongycastle.tls.TlsServer
    public CertificateRequest s() {
        if (!(this.w.f() || this.w.k())) {
            return null;
        }
        short[] sArr = {1, 2, 64};
        Vector j = TlsUtils.W(this.p) ? JsseUtils.j(C()) : null;
        Vector vector = new Vector();
        X509TrustManager e = this.v.e().e();
        if (e != null) {
            for (X509Certificate x509Certificate : e.getAcceptedIssuers()) {
                vector.addElement(X500Name.s(x509Certificate.getSubjectX500Principal().getEncoded()));
            }
        }
        return new CertificateRequest(sArr, j, vector);
    }

    @Override // org.spongycastle.tls.DefaultTlsServer, org.spongycastle.tls.TlsServer
    public TlsCredentials u() {
        return this.z;
    }

    @Override // org.spongycastle.tls.AbstractTlsServer, org.spongycastle.tls.TlsServer
    public void y(Hashtable hashtable) {
        Collection<BCSNIMatcher> h;
        ServerNameList s;
        super.y(hashtable);
        if (hashtable == null || (h = this.v.d().h()) == null || h.isEmpty() || (s = TlsExtensionsUtils.s(hashtable)) == null) {
            return;
        }
        BCSNIServerName d = JsseUtils.d(s, h);
        this.x = d;
        if (d == null) {
            throw new TlsFatalAlert((short) 112);
        }
    }

    @Override // org.spongycastle.tls.AbstractTlsServer, org.spongycastle.tls.TlsServer
    public int z() {
        this.y = new HashSet();
        int z = super.z();
        B.fine("Server selected cipher suite: " + this.v.getContext().l(z));
        this.y = null;
        return z;
    }
}
